Add missing note about security re r75841

2024-11-13 17:57:07 +00:00 · 2010-11-01 23:09:51 +00:00 · 2010-11-01 23:09:51 +00:00 · 8bded939e4
parent d5afc1af52
commit 8bded939e4
1 changed files with 6 additions and 0 deletions
--- a/RSSData.php
+++ b/RSSData.php
@ -16,6 +16,12 @@ class RSSData {
 			foreach ( $item->childNodes as $n ) {
 				$name = $this->rssTokenToName( $n->nodeName );
 				if ( $name != null ) {
+					/* Because for DOMElements the nodeValue is just
+					 * the text of the containing element, without any
+					 * tags, it makes this a safe, if unattractive,
+					 * value to use. If you want to allow people to
+					 * mark up their RSS, some more precautions are
+					 * needed. */
 					$bit[$name] = $n->nodeValue;
 				}
 			}